[MDEV-8238] Tables with encryption=yes using file_key_management plugin are not encrypted - JIRA

Details

Type: Bug
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: 10.1.4
Fix Version/s: 10.1.5
Component/s: Encryption, Storage Engine - InnoDB, Storage Engine - XtraDB
Labels:
None

Description

Effect file_key_management_plugin where first tables with key_id 1-4 are created, then key_id is changed in all tables to 5. Restart server with different key file where keys 1-4 are deleted and new key_id 6-9 are introduced but naturally key 5 remains the same. Idea is to alter tables back to use changed keys for key_ids 6-9.

Gliffy Diagrams

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

innodb_page_encryption_key_change.test
5 kB
2015-05-27 12:11
keys2.txt
0.2 kB
2015-05-27 12:11
keys3.txt
0.2 kB
2015-05-27 12:11
keys4.txt
0.2 kB
2015-05-27 12:11

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Jan Lindström added a comment - 2015-05-27 12:11

Actual keys can be changed as long the key_id does not change.

Show

Jan Lindström added a comment - 2015-05-27 12:11 Actual keys can be changed as long the key_id does not change.

Hide

Permalink

Jan Lindström added a comment - 2015-05-27 12:12

150527 12:10:56 [ERROR] InnoDB: Tablespace id 9 encrypted but encryption service not available. Can't continue opening tablespace.

2015-05-27 12:10:56 7f69cdbbe780  InnoDB: Assertion failure in thread 140092399937408 in file ha_innodb.cc line 21135

Problem is that key_id 1 can't be removed.

Show

Jan Lindström added a comment - 2015-05-27 12:12 150527 12:10:56 [ERROR] InnoDB: Tablespace id 9 encrypted but encryption service not available. Can't continue opening tablespace. 2015-05-27 12:10:56 7f69cdbbe780 InnoDB: Assertion failure in thread 140092399937408 in file ha_innodb.cc line 21135 Problem is that key_id 1 can't be removed.

Hide

Permalink

Jan Lindström added a comment - 2015-05-27 15:03

Key_id 1 is needed but tables are not really encrypted.

Show

Jan Lindström added a comment - 2015-05-27 15:03 Key_id 1 is needed but tables are not really encrypted.

Hide

Permalink

Jan Lindström added a comment - 2015-05-27 17:15

commit a25ccd4f83912e02091abe1cba8515266483559b
Author: Jan Lindström <jan.lindstrom@mariadb.com>
Date: Wed May 27 15:37:13 2015 +0300

~~MDEV-8238~~: Tables with encryption=yes using file_key_management plugin are not encrypted

Analysis: Problem was that encryption was skipped.

Fixed by making sure that tables with ENCRYPTED=YES are encrypted.

Show

Jan Lindström added a comment - 2015-05-27 17:15 commit a25ccd4f83912e02091abe1cba8515266483559b Author: Jan Lindström <jan.lindstrom@mariadb.com> Date: Wed May 27 15:37:13 2015 +0300 MDEV-8238 : Tables with encryption=yes using file_key_management plugin are not encrypted Analysis: Problem was that encryption was skipped. Fixed by making sure that tables with ENCRYPTED=YES are encrypted.

People

Assignee:

Jan Lindström

Reporter:

Jan Lindström

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2015-05-27 11:49

Updated:

2015-05-27 17:15

Resolved:

2015-05-27 17:15

Agile

View on Board